WordPress Slider Revolution plugin <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read vulnerability
Missing Authorization to Authenticated (Contributor+) Arbitrary File Read vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions <= 6.7.37...
WordPress Flozen Theme < 1.5.1 is vulnerable to Arbitrary File Upload
Software Flozen Type Theme Vulnerable versions < 1.5.1 Fixed in 1.5.1 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2025-49071 Patch priority High CVSS severity High 10 Developer Claim ownership PSID b0bba867fa7b Credits Phat RiO - BlueRock Required privilege Unauthenticat...
WordPress Video Embeds plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Chu The Anh Fore-Z co.ltd in WordPress Plugin Video Embeds versions <= 0.1.1...
WordPress Traveler plugin <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post vulnerability
Unauthenticated Local File Inclusion via hotel_alone_load_more_post vulnerability discovered by István Márton in WordPress Theme Traveler versions <= 3.1.8...
WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability
CSRF to Settings Change vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Recapture for WooCommerce versions <= 1.0.43...
WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by LVT-tholv2k in WordPress Plugin Theme File Duplicator versions <= 1.3...
WordPress Otter - Gutenberg Block Plugin <= 3.0.6 is vulnerable to Path Traversal
Software Otter - Gutenberg Block Type Plugin Vulnerable versions <= 3.0.6 Fixed in 3.0.7 OWASP Top 10 A4: Insecure Design Classification Path Traversal CVE CVE-2024-11219 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 16f94f193561 Credits mikemyers Required privilege...
WordPress Paid Member Subscriptions Plugin <= 2.13.0 is vulnerable to Arbitrary Code Execution
Software Paid Member Subscriptions Type Plugin Vulnerable versions <= 2.13.0 Fixed in 2.13.1 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-10261 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID da8c77c26afb Credits Arkadiusz Hydzik Require...
WordPress ITERAS Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software ITERAS Type Plugin Vulnerable versions <= 1.7.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-53710 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID fe46f5e0e01b Credits SOPROBRO Required privilege...
WordPress Sky Addons for Elementor Plugin <= 2.6.1 is vulnerable to Sensitive Data Exposure
Software Sky Addons for Elementor Type Plugin Vulnerable versions <= 2.6.1 Fixed in 2.6.2 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-9542 Patch priority Low CVSS severity Low 4.3 Developer Shahidul Islam PSID d2ce76706206 Credits Nishiv Required...
WordPress WP Activity Log Plugin <= 5.2.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Activity Log Type Plugin Vulnerable versions <= 5.2.1 Fixed in 5.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10793 Patch priority Medium CVSS severity Medium 7.1 Developer Melapress PSID ad9533377437 Credits mikemyers Required...
WordPress WPvivid Backup and Migration Plugin <= 0.9.107 is vulnerable to PHP Object Injection
Software WPvivid Backup and Migration Type Plugin Vulnerable versions <= 0.9.107 Fixed in 0.9.108 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10962 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID b2861821d90b Credits Webbernaut Required...
WordPress Disable Admin Notices individually Plugin <= 1.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Disable Admin Notices individually Type Plugin Vulnerable versions <= 1.3.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-52420 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID efd85849f48f Credits...
WordPress Razorpay Payment Button Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS)
Software Razorpay Payment Button Type Plugin Vulnerable versions <= 2.4.6 Fixed in 2.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10851 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 88605e5d5760 Credits Peter...
WordPress SKT Addons for Elementor Plugin <= 3.3 is vulnerable to Sensitive Data Exposure
Software SKT Addons for Elementor Type Plugin Vulnerable versions <= 3.3 Fixed in 3.4 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10693 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3577352f604c Credits Francesco Carlucci Required...
WordPress WPLMS Theme <= 4.962 is vulnerable to Path Traversal
Software WPLMS Type Theme Vulnerable versions <= 4.962 Fixed in 4.963 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10470 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 63557cc0ea32 Credits Foxyyy Required privilege Unauthenticated Published 8...
WordPress CF7 WOW Styler Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS)
Software CF7 WOW Styler Type Plugin Vulnerable versions <= 1.6.8 Fixed in 1.6.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51689 Patch priority Medium CVSS severity Medium 7.1 Developer Tobias PSID 34b5f0049a13 Credits Le Ngoc Anh Required privilege...
WordPress FileOrganizer Plugin <= 1.0.9 is vulnerable to Arbitrary File Upload
Software FileOrganizer Type Plugin Vulnerable versions <= 1.0.9 Fixed in 1.1.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-7985 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 9a28a4363098 Credits TANG Cheuk Hei siunam Required privilege...
WordPress ScottCart Plugin <= 1.1 is vulnerable to Remote Code Execution (RCE)
Software ScottCart Type Plugin Vulnerable versions <= 1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-50492 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID bd1f778da3e5 Credits Mika Required privilege Unauthenticated...
WordPress WP Adminify Plugin <= 4.0.1.6 is vulnerable to Cross Site Scripting (XSS)
Software WP Adminify Type Plugin Vulnerable versions <= 4.0.1.6 Fixed in 4.0.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8959 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a2bca67b8648 Credits Francesco Carlucci...
WordPress BuddyPress Plugin <= 14.1.0 is vulnerable to Directory Traversal
Software BuddyPress Type Plugin Vulnerable versions <= 14.1.0 Fixed in 14.2.1 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-10011 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 06408034e9a6 Credits Domons Required privilege Subscriber Publish...
WordPress WC Marketplace Plugin <= 4.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software WC Marketplace Type Plugin Vulnerable versions <= 4.2.4 Fixed in 4.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-9943 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID bfdf428207b9 Credits wesley wcraft Require...
WordPress Mega Elements Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)
Software Mega Elements Type Plugin Vulnerable versions <= 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49693 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d1a9c6f9c436 Credits João Pedro S Alcântara Kinorth Required...
WordPress 3D Work In Progress Plugin <= 1.0.3 is vulnerable to Arbitrary File Deletion
Software 3D Work In Progress Type Plugin Vulnerable versions <= 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2024-49657 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 209728d5f5a9 Credits stealthcopter Required privilege...
WordPress Author Discussion Plugin <= 0.2.2 is vulnerable to SQL Injection
Software Author Discussion Type Plugin Vulnerable versions <= 0.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-49609 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 126e44ab20dc Credits João Pedro S Alcântara Kinorth Required privile...
WordPress Easy Post Types Plugin <= 1.4.4 is vulnerable to PHP Object Injection
Software Easy Post Types Type Plugin Vulnerable versions <= 1.4.4 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10079 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID da4c9b968b4a Credits István Márton Required privilege Subscribe...
WordPress Htaccess File Editor Plugin <= 1.0.18 is vulnerable to Broken Access Control
Software Htaccess File Editor Type Plugin Vulnerable versions <= 1.0.18 Fixed in 1.0.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49256 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d6dd94150ebc Credits savphill Require...
WordPress Wsify Widget Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wsify Widget Type Plugin Vulnerable versions <= 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-48048 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8cbe83f02c6b Credits Joshua Chan Required privilege...
WordPress Tainacan Plugin <= 0.21.8 is vulnerable to SQL Injection
Software Tainacan Type Plugin Vulnerable versions <= 0.21.8 Fixed in 0.21.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-48040 Patch priority High CVSS severity High 8.5 Developer Tainacan Community PSID 8db23d195d90 Credits Trương Hữu Phúc truonghuuphuc Required privilege...
WordPress SB Random Posts Widget Plugin <= 1.0 is vulnerable to Local File Inclusion
Software SB Random Posts Widget Type Plugin Vulnerable versions <= 1.0 Fixed in 1.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-48029 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 4e7fd324ea44 Credits João Pedro S Alcântara Kinorth Required...
WordPress LatePoint Plugin <= 5.0.11 is vulnerable to SQL Injection
Software LatePoint Type Plugin Vulnerable versions <= 5.0.11 Fixed in 5.0.12 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8911 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 26726ee6dc78 Credits István Márton Required privilege Unauthenticated...
WordPress Limit Login Attempts Plugin <= 5.3 is vulnerable to Bypass Vulnerability
Software Limit Login Attempts Type Plugin Vulnerable versions <= 5.3 Fixed in 5.4 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2022-4534 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 03e4ff962fd9 Credits rezaduty Required privilege Publishe...
WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download
Software Hello World Type Plugin Vulnerable versions <= 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...
WordPress Copyscape Premium Plugin <= 1.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software Copyscape Premium Type Plugin Vulnerable versions <= 1.3.9 Fixed in 1.4.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-47644 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 44e490f9b2ae Credits Abdi Pranata...
WordPress GiveWP Plugin <= 3.16.2 is vulnerable to PHP Object Injection
Software GiveWP Type Plugin Vulnerable versions <= 3.16.2 Fixed in 3.16.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-8353 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID ab27727ec281 Credits cuokon Required privilege Unauthenticated...
WordPress JobSearch Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)
Software JobSearch Type Plugin Vulnerable versions <= 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47394 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2995ae22faae Credits Bonds Required privilege Unauthenticat...
WordPress Elements kit Elementor addons Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)
Software Elements kit Elementor addons Type Plugin Vulnerable versions <= 3.2.7 Fixed in 3.2.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8546 Patch priority Low CVSS severity Low 6.5 Developer Wpmet PSID 43112ffb0d64 Credits zer0gh0st Required...
WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.3 is vulnerable to SQL Injection
Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions <= 1.3.3.3 Fixed in 1.3.3.4 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8624 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 72c934040045 Credits Krzysztof Zając...
WordPress Fusion Builder Plugin <= 3.11.9 is vulnerable to Cross Site Scripting (XSS)
Software Fusion Builder Type Plugin Vulnerable versions <= 3.11.9 Fixed in 3.11.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5628 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3ab369f1b5cb Credits wesley wcraft Required...
WordPress Triton Lite Theme <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Triton Lite Type Theme Vulnerable versions <= 1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5789 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 97a12617cc1a Credits Francesco Carlucci Required...
WordPress LearnPress Plugin <= 4.2.7 is vulnerable to SQL Injection
Software LearnPress Type Plugin Vulnerable versions <= 4.2.7 Fixed in 4.2.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-8529 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 137696734fbf Credits abrahack Required privilege Unauthenticated Publish...
WordPress The Ultimate WordPress Toolkit – WP Extended Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS)
Software The Ultimate WordPress Toolkit – WP Extended Type Plugin Vulnerable versions <= 3.0.8 Fixed in 3.0.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8119 Patch priority Medium CVSS severity Medium 7.1 Developer WP Extended PSID b2e7aa754f90...
WordPress WP Accessibility Helper (WAH) Plugin <= 0.6.2.8 is vulnerable to Broken Access Control
Software WP Accessibility Helper WAH Type Plugin Vulnerable versions <= 0.6.2.8 Fixed in 0.6.2.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5987 Patch priority Low CVSS severity Low 5.4 Developer Alexander Volkov PSID d7cc8b0ae32e Credits Lucio Sá...
WordPress Custom Query Blocks Plugin <= 5.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Custom Query Blocks Type Plugin Vulnerable versions <= 5.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-44059 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3fa2441e978e Credits 4rCanJ0x! Required privilege...
WordPress Greenshift Query and Meta Addon Plugin < 3.9.2 is vulnerable to SQL Injection
Software Greenshift Query and Meta Addon Type Plugin Vulnerable versions < 3.9.2 Fixed in 3.9.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43942 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 13adc6d175b5 Credits Dave Jong Patchstack Required...
WordPress Z Y N I T H Plugin <= 7.4.9 is vulnerable to Settings Change
Software Z Y N I T H Type Plugin Vulnerable versions <= 7.4.9 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-43939 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7f62f3b06158 Credits Dave Jong Patchstack Required...
WordPress SendGrid for WordPress Plugin <= 1.4 is vulnerable to SQL Injection
Software SendGrid for WordPress Type Plugin Vulnerable versions <= 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-43965 Patch priority High CVSS severity High 8.2 Developer Claim ownership PSID 897d693aed88 Credits Ananda Dhakal Patchstack Required privilege...
WordPress LiteSpeed Cache Plugin <= 6.3.0.1 is vulnerable to Privilege Escalation
Software LiteSpeed Cache Type Plugin Vulnerable versions <= 6.3.0.1 Fixed in 6.4 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-28000 Patch priority High CVSS severity High 9.8 Developer Hai Zheng / Lite Speed Cache PSID b9efa0ab6b82...
WordPress oik Plugin <= 4.12.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software oik Type Plugin Vulnerable versions <= 4.12.0 Fixed in 4.12.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43356 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 865f6e2dc335 Credits Abdi Pranata Required privile...
WordPress EmbedPress Plugin <= 4.0.9 is vulnerable to Local File Inclusion
Software EmbedPress Type Plugin Vulnerable versions <= 4.0.9 Fixed in 4.0.10 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-43328 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 8a6dffdf0163 Credits Rafie Muhammad Patchstack Required privilege...